[GNUnet-SVN] [libmicrohttpd] 06/10: Check TLS strings lengths
From: |
gnunet |
Subject: |
[GNUnet-SVN] [libmicrohttpd] 06/10: Check TLS strings lengths |
Date: |
Tue, 21 May 2019 21:29:10 +0200 |
This is an automated email from the git hooks/post-receive script.
karlson2k pushed a commit to branch master
in repository libmicrohttpd.
commit c593fa6b8280fec44766ff4986950643837bb8ac
Author: Evgeny Grin (Karlson2k) <address@hidden>
AuthorDate: Tue May 21 21:04:43 2019 +0300
Check TLS strings lengths
---
src/microhttpd/daemon.c | 53 ++++++++++++++++++++++++++++++++++++++++++++-----
1 file changed, 48 insertions(+), 5 deletions(-)
diff --git a/src/microhttpd/daemon.c b/src/microhttpd/daemon.c
index 57f59a57..b4ed655d 100644
--- a/src/microhttpd/daemon.c
+++ b/src/microhttpd/daemon.c
@@ -517,8 +517,18 @@ MHD_init_daemon_certificate (struct MHD_Daemon *daemon)
#endif
if (NULL != daemon->https_mem_trust)
{
+ size_t paramlen;
+ paramlen = strlen (daemon->https_mem_trust);
+ if (UINT_MAX < paramlen)
+ {
+#ifdef HAVE_MESSAGES
+ MHD_DLOG(daemon,
+ "Too long trust certificate\n");
+#endif
+ return -1;
+ }
cert.data = (unsigned char *) daemon->https_mem_trust;
- cert.size = strlen (daemon->https_mem_trust);
+ cert.size = (unsigned int) paramlen;
if (gnutls_certificate_set_x509_trust_mem (daemon->x509_cred,
&cert,
GNUTLS_X509_FMT_PEM) < 0)
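Review bot: The two messages added in MHD_init_daemon_certificate, `"Too long trust certificate\n"` here and `"Too long key or certificate\n"` in the next hunk, are passed to MHD_DLOG as bare literals, while the messages added in psk_gnutls_adapter and parse_options_va by the same commit are wrapped in `_()`. For consistency with those, they would read `_("Too long trust certificate\n")` and `_("Too long key or certificate\n")`. The second message also does not say which of the two inputs was rejected, which makes a misconfigured key or certificate harder to diagnose from the log; checking `param1len` and `param2len` separately would allow a specific message for each. The function body starts and ends outside both hunks.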
@@ -540,10 +550,24 @@ MHD_init_daemon_certificate (struct MHD_Daemon *daemon)
if ( (NULL != daemon->https_mem_cert) &&
(NULL != daemon->https_mem_key) )
{
+ size_t param1len;
+ size_t param2len;
+
+ param1len = strlen (daemon->https_mem_key);
+ param2len = strlen (daemon->https_mem_cert);
+ if ( (UINT_MAX < param1len) ||
+ (UINT_MAX < param2len) )
+ {
+#ifdef HAVE_MESSAGES
+ MHD_DLOG(daemon,
+ "Too long key or certificate\n");
+#endif
+ return -1;
+ }
key.data = (unsigned char *) daemon->https_mem_key;
- key.size = strlen (daemon->https_mem_key);
+ key.size = (unsigned int)param1len;
cert.data = (unsigned char *) daemon->https_mem_cert;
- cert.size = strlen (daemon->https_mem_cert);
+ cert.size = (unsigned int)param2len;
if (NULL != daemon->https_key_password) {
#if GNUTLS_VERSION_NUMBER >= 0x030111
@@ -2224,7 +2248,16 @@ psk_gnutls_adapter (gnutls_session_t session,
free (app_psk);
return -1;
}
- key->size = app_psk_size;
+ if (UINT_MAX < app_psk_size)
+ {
+#ifdef HAVE_MESSAGES
+ MHD_DLOG (daemon,
+ _("PSK authentication failed: PSK too long\n"));
+#endif
+ free (app_psk);
+ return -1;
+ }
+ key->size = (unsigned int)app_psk_size;
memcpy (key->data,
app_psk,
app_psk_size);
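Review bot: The new `UINT_MAX < app_psk_size` check is placed after an earlier failure path (the `free (app_psk); return -1;` context lines at the top of the hunk), so whatever that earlier step did with `app_psk_size` has already happened when an oversized PSK is rejected. If that step is the allocation of `key->data`, which is not visible in this hunk, the new `return -1` would leave that buffer allocated while `key->size` is never set. Moving the length check ahead of that step would avoid the question entirely. Separately, `app_psk` holds pre-shared key material and is released with a plain `free (app_psk)` on the new error path as well; clearing the buffer before freeing it would limit how long the secret lingers in heap memory.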
@@ -5042,6 +5075,7 @@ parse_options_va (struct MHD_Daemon *daemon,
if (0 != (daemon->options & MHD_USE_TLS))
{
gnutls_datum_t dhpar;
+ size_t pstr_len;
if (gnutls_dh_params_init (&daemon->https_mem_dhparams) < 0)
{
@@ -5052,7 +5086,16 @@ parse_options_va (struct MHD_Daemon *daemon,
return MHD_NO;
}
dhpar.data = (unsigned char *) pstr;
- dhpar.size = strlen (pstr);
+ pstr_len = strlen (pstr);
+ if (UINT_MAX < pstr_len)
+ {
+#ifdef HAVE_MESSAGES
+ MHD_DLOG (daemon,
+ _("Diffie-Hellman parameters string too long\n"));
+#endif
+ return MHD_NO;
+ }
+ dhpar.size = (unsigned int) pstr_len;
if (gnutls_dh_params_import_pkcs3 (daemon->https_mem_dhparams,
&dhpar,
GNUTLS_X509_FMT_PEM) < 0)
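Review bot: The new `return MHD_NO;` for an over-long `pstr` runs after `gnutls_dh_params_init (&daemon->https_mem_dhparams)` has already succeeded (visible in the previous hunk), and nothing on this path releases that object. Unless the caller's cleanup handles a daemon whose DH parameters were initialised but never imported, which cannot be seen from here, this path leaks them. Adding `gnutls_dh_params_deinit (daemon->https_mem_dhparams);` before the `return MHD_NO;` would fix that. Computing `pstr_len` and rejecting the string before calling `gnutls_dh_params_init` would avoid the cleanup altogether. The enclosing option-handling block continues outside the hunk.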
--